CVE-2011-5003
published 2011-12-25
Priority P274 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 62.81% (99.1th percentile)
Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avid | media_composer | <= 5.5.3 | — |
Detection & IOCs (extracted from sources)
bytes: \xeb\x35\x8b\x02
- Alert on TCP connections to port 4659 (primary) or 4660 (alternate) targeting AvidPhoneticIndexer.exe with oversized/anomalous payloads indicative of buffer overflow exploitation.
- Detect the SEH pivot byte sequence \xeb\x35\x8b\x02 within TCP payloads destined for port 4659 or 4660 as a strong exploit indicator.
- Exploit payload structure: 216 bytes of 'A' padding, followed by 4-byte SEH pivot, then 732 bytes of 'A', then ROP chain. A run of 948+ 'A' (0x41) bytes in a TCP stream to port 4659/4660 is a strong signature.
- Monitor for unexpected child processes or shellcode execution spawned from AvidPhoneticIndexer.exe on Windows XP SP3 systems running Avid Media Composer 5.5.x.
- The vulnerable service (AvidPhoneticIndexer.exe) may listen on port 4659 when launched as part of the Avid Media Composer suite, or on port 4660 when started standalone — detection rules must cover both ports.
- Payload space is limited to 1012 bytes and uses AlphanumMixed encoding with EAX as the buffer register; detection signatures based on payload size or encoding type should account for these constraints.
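The indicators listed above, combined into one payload check; this is an added example, not a rule from the page's sources. It assumes the caller supplies the destination port and the reassembled client-to-server bytes (`inspect`, `longest_a_run` and the sample streams are constructed here). Because the 948 'A' bytes are split by the pivot into runs of 216 and 732, it matches those runs rather than one contiguous 948-byte run.

```python
import re

AVID_PORTS = {4659, 4660}          # suite-launched and standalone ports (from the page)
SEH_PIVOT = b"\xeb\x35\x8b\x02"    # pivot byte sequence (from the page)
PAD_BEFORE, PAD_AFTER = 216, 732   # 'A' padding lengths around the pivot (from the page)
A_RUN = re.compile(rb"A+")


def longest_a_run(payload: bytes) -> int:
    """Length of the longest contiguous run of 0x41 bytes in the payload."""
    return max((len(m.group()) for m in A_RUN.finditer(payload)), default=0)


def inspect(dst_port: int, payload: bytes) -> list:
    """Return the indicator names matched by one reassembled TCP stream."""
    if dst_port not in AVID_PORTS:
        return []
    hits = []
    # Strongest match: the exact layout 216 x 'A', pivot, 732 x 'A'.
    layout = b"A" * PAD_BEFORE + SEH_PIVOT + b"A" * PAD_AFTER
    if layout in payload:
        hits.append("exact-layout")
    elif SEH_PIVOT in payload:
        hits.append("seh-pivot")
    # Padding heuristic that still fires if the pivot bytes are changed.
    if longest_a_run(payload) >= PAD_AFTER:
        hits.append("long-A-run")
    return hits


# Constructed sample streams (not captured traffic). The zero bytes are
# placeholder filler standing in for whatever follows the padding.
SAMPLES = {
    "layout_4659": (4659, b"A" * 216 + SEH_PIVOT + b"A" * 732 + b"\x00" * 64),
    "altered_pivot_4660": (4660, b"A" * 216 + b"BBBB" + b"A" * 732),
    "pivot_only_4660": (4660, b"req " + SEH_PIVOT + b" end"),
    "short_request_4659": (4659, b"STATUS\r\n"),
    "layout_other_port": (8080, b"A" * 216 + SEH_PIVOT + b"A" * 732),
}

if __name__ == "__main__":
    for name, (port, data) in SAMPLES.items():
        print(f"{name:22} port={port} -> {inspect(port, data) or 'no match'}")
```

The `long-A-run` threshold is a heuristic: tune it against legitimate traffic to the indexer before alerting on it alone.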
No detection rules found.
Exploit-DB
AVID Media Composer Phonetic Indexer - Remote Stack Buffer Overflow (Metasploit)
exploitdb·2011-12-01
---
#Name :AVID Media Composer Phonetic Indexer Remote Stack Buffer Overflow
#Vendor Website : http://www.avid.com
#Date Released : November 29, 2011
#Affected Software : AVID Media Composer "Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow",
'Description' => %q{
This module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659),
which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a
different port; if you start it standalone it will run on port 4660.
},
'License' => MSF_LICENSE,
'Version' => "$Revision: 13137 $",
'Author' =>
[
'vt [[email protected]]',
],
'References' =>
[
[ 'URL', 'http://www.security-ass
Metasploit
Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
metasploit
This module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.
No writeups or analysis indexed.
- http://secunia.com/advisories/47047
- http://www.exploit-db.com/exploits/18183
- http://www.osvdb.org/77376
- http://www.security-assessment.com/files/documents/advisory/Avid_Media_Composer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.pdf
- http://www.securityfocus.com/bid/50843
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71514